IAM & CyberSecurity
lube. They were mainly dealing in diesel, kerosene oil, engine oils etc., so whenever they onboarded a new customer, the onboarding process was done with the help of an Excel sheet. They had created some Excel sheets with macros in them, and once all the information was filled in, it would go to the different departments for review and approval, and the information would be entered into the respective systems. This whole process was taking 7-10 business days.
The core objective of the project was to automate this whole onboarding process and implement Single Sign On with 2FA (two-factor authentication: OTP and the Microsoft Authenticator app) to create a digital identity per individual for these two applications, so that corporate data and privileged access could be easily maintained, modified and monitored.
There were around 60-70 roles depending upon the region of the business, so each role had different capabilities (meaning do's and don'ts, or in business terms RBAC, Role Based Access Control). So I created that mapping based on the business rules and policies like Data Governance: who can access corporate data and what kind of privileged access should be granted, specific to that geo-location. And implemented it.
Authentication (2FA/MFA) answers the simple question of WHO; Authorization is the complex part, since it requires business rules about what they can do (Access Life Cycle).
PAM – Privileged Access Management – the layer that secures a specific access level and the data that can be accessed by a privileged user/account. Identity and access management applies to all the users in the organisation who have an identity, which will be monitored and managed.
PIM – Privileged Identity Management – focuses on the rights assigned (typically set by the IT department or system admins) to various identities. It also assists in the control of unchecked IAM areas.
PIM and PAM are subsets of Identity and Access Management. All three work in tandem to create a strong security posture. These three concepts form the backbone of a successful cyber security strategy, ensuring that access to critical systems and data is securely managed, controlled and monitored.
Keywords -
NO IAM –
YES IAM –
Single Sign On
Single Identity Store
Ability to present multiple data views
Single Admin Point
Reduced replication and synchronization
Monitoring usage of corporate data and access to privileged information had been a daunting task before the advent of IAM. Encompassing numerous APIs, single sign-on frameworks and data handling policies, IAM has established itself as a key component of every IT department.
But how does it enforce these rules, and who are the key beneficiaries of these policies? What about the advantages of these frameworks and the workflow of these systems? We are here today to answer these questions.
Let's take a look at some of the topics to be covered today. We start by learning about IAM, that is identity and access management, from a surface level, so as to give a clear idea of what it is. Next, we cover the general workflow and process of how IAM works. Moving on, we cover some of the tools that find their place in an IAM framework and are crucial components. Finally, we go through some of the advantages of IAM, learning what makes it a lucrative deal for organizations.
What Is IAM?
So let's get started by learning about IAM from a surface level perspective.
Identity and access management, or IAM, is a set of processes, policies and tools for defining and managing the roles and access privileges of individual network entities to a variety of cloud and on-premise applications. The users can include customers, partners, employees, and devices like computers, smartphones, routers etc. The core objective of IAM systems is one digital identity per individual or item. Once the digital identity has been established, it must be maintained, modified and monitored throughout each user's or device's access lifecycle.
Access and user are two vital IAM concepts. Access refers to the actions a user is permitted to perform, like viewing, creating or changing a file. Users could be employees, partners, suppliers, contractors or even customers. Furthermore, employees can be further segmented based on their roles.
IAM systems are designed to perform three key tasks: Identify, Authenticate and Authorize, meaning that only the right person should have access to computers, hardware, software apps or other IT resources. When new users enter or the roles of existing users change, the list of access privileges must be kept up to date at all times. IAM functions usually fall under IT departments or sections that handle cyber security and data management.
A principal is an entity that can perform actions on an AWS resource or in any cloud management system; a user, a role, or an application can be a principal. It is always the principal who raises a request to access or modify data on servers, serving as the first point of contact in the IAM workflow.
Authentication is the process of confirming the identity of the principal trying to access the product. The principal must provide credentials or the required keys for authentication. This step can be further strengthened by multiple authentication factors and geolocation checks, among other things. Once the identity is confirmed, the principal is able to view the data behind the wall of security and take the necessary steps.
When it comes to requests, a principal sends a request to the cloud management system specifying the action and the resource it should be performed on. In this step the user can ask to modify, delete, edit or affect other users in this particular bucket of the organization by changing the data or the information. Authorization carries out the rest of an organization's identity and access management processes once the user has been authenticated. Users are granted authorizations according to their role at the organization; this practice is referred to as role-based access control, or RBAC. Authorizations determine a role's resources and level of access in the network. These items may include systems, applications, file shares, printers and more. For example, an accounting department employee who regularly works with payroll software must be authorized to use it. If authentication resembles a passport, authorizations are the things your digital identity can access with it.
While authentication is fairly straightforward, authorizations and their management are far more challenging. Authorizations consist of a complex set of business rules, policies and groups, with permissions explicitly configured per user account.
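As an added example (not code from the original notes), the request-and-authorization flow above written as a minimal RBAC check: a principal holds roles per region, as in the onboarding project described earlier, roles map to allowed (resource, action) pairs, and anything unmatched is denied. The role names, regions, resource types and permissions are constructed assumptions.

```python
# Added example, not the original notes' code: RBAC authorization with roles scoped
# to a region, as in the onboarding project described earlier. Role names, regions,
# resource types and permissions are constructed assumptions.
from dataclasses import dataclass, field

# role -> set of (resource_type, action) pairs the role permits
ROLE_PERMISSIONS = {
    "accounting": {("payroll", "view"), ("payroll", "change")},
    "onboarding_reviewer": {("customer_record", "view"), ("customer_record", "approve")},
    "sales": {("customer_record", "view"), ("customer_record", "create")},
}

@dataclass
class Principal:
    name: str
    roles: dict = field(default_factory=dict)  # region -> set of role names held there
    authenticated: bool = False                # set by the authentication step

@dataclass
class Request:
    resource_type: str
    action: str
    region: str

def authorize(principal: Principal, request: Request) -> bool:
    """True only if the principal is authenticated and holds, in the request's
    region, a role whose permissions include (resource_type, action)."""
    if not principal.authenticated:
        return False                           # authorization never runs before authentication
    for role in principal.roles.get(request.region, set()):
        if (request.resource_type, request.action) in ROLE_PERMISSIONS.get(role, set()):
            return True
    return False                               # default deny: no matching role in this region

def demo() -> tuple:
    """Four decisions: allowed, wrong region, role lacks the action, unauthenticated."""
    alice = Principal("alice", {"EMEA": {"accounting"}}, authenticated=True)
    bob = Principal("bob", {"APAC": {"sales"}}, authenticated=True)
    eve = Principal("eve", {"EMEA": {"accounting"}})   # never authenticated
    return (
        authorize(alice, Request("payroll", "change", "EMEA")),         # True
        authorize(alice, Request("payroll", "change", "APAC")),         # False: no APAC role
        authorize(bob, Request("customer_record", "approve", "APAC")),  # False: sales cannot approve
        authorize(eve, Request("payroll", "view", "EMEA")),             # False: not authenticated
    )

if __name__ == "__main__":
    print(demo())
```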
IAM Tools
SSO is an IAM tool that enables a user to log into one of an organization's properties and automatically be logged into a designated set of other properties; for example, when you log into Google, you are automatically logged into your Gmail and YouTube accounts. For users, single sign-on reduces friction, since they don't have to keep track of different credentials for every application. For organizations, SSO helps in collecting valuable insights about user behaviour and preferences, since it tracks them as they move from one application to another connected by one single login.
For workforce IAM you may want more stringent MFA, since the consequences of an unauthorized party gaining access to your private network can be devastating. A modern IAM solution will allow you to implement MFA only when it's needed. This can be accomplished by setting up step-up authentication or adaptive authentication (SBI), in which users only trigger MFA if they are trying to access sensitive data or their behaviour is flagged as risky.
In the past few years identity has become the preferred gateway for hackers to break into systems: brute force attacks, credential stuffing attacks and even highly targeted phishing campaigns are all attempts by hackers to break in through a company's front door, which is the login box. There are multiple ways IAM systems can help detect and mitigate these malicious attacks. IAM solutions detect attacks by monitoring signals such as the velocity of traffic, login patterns that differ from a user's routine, use of a breached password, and use of devices and IP addresses with a poor reputation, among other things. These are some of the most widely used tools when it comes to IAM frameworks, but why do we go through setting up so many tools and firewalls?
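An added example (not from the original notes) covering both the adaptive MFA idea above and the detection signals just listed: each login attempt is scored on attempt velocity, deviation from the user's routine, breached password and IP reputation, and the score decides between allow, step-up MFA and block. All thresholds, weights, hashes, IP addresses and login events are constructed sample data.

```python
# Added example (not from the original notes). It scores a login attempt using the
# signals the text lists (velocity, deviation from routine, breached password,
# poor-reputation IP) and picks allow / step-up MFA / block, i.e. adaptive MFA.
# Every value below (hash set, IP list, routine, events, weights) is constructed.
import hashlib
from collections import defaultdict

BREACHED_HASHES = {hashlib.sha1(b"Password123").hexdigest()}   # constructed breach corpus
BAD_IPS = {"203.0.113.77"}                                      # constructed, TEST-NET-3 range
USER_ROUTINE = {"alice": {("DE", "laptop-01")}}                 # (country, device) seen before
WINDOW_SEC, VELOCITY_LIMIT = 60, 5

def score_attempt(ev: dict, attempts_by_ip: dict) -> tuple[int, list[str]]:
    """Risk score plus the signals that fired for one login event."""
    score, reasons = 0, []
    recent = [t for t in attempts_by_ip[ev["ip"]] if ev["ts"] - t <= WINDOW_SEC]
    if len(recent) >= VELOCITY_LIMIT:                  # brute force / credential stuffing
        score += 40; reasons.append("velocity")
    if (ev["country"], ev["device"]) not in USER_ROUTINE.get(ev["user"], set()):
        score += 30; reasons.append("unusual_pattern")  # differs from the user's routine
    if hashlib.sha1(ev["password"].encode()).hexdigest() in BREACHED_HASHES:
        score += 50; reasons.append("breached_password")  # compare hashes, not plaintext
    if ev["ip"] in BAD_IPS:
        score += 40; reasons.append("bad_ip")
    return score, reasons

def decide(score: int) -> str:
    """Adaptive authentication: only risky attempts pay the MFA cost."""
    return "block" if score >= 70 else "step_up_mfa" if score >= 30 else "allow"

def evaluate(events: list[dict]) -> list[tuple[str, str, list[str]]]:
    """Process events in time order, remembering attempt times per IP for velocity."""
    attempts_by_ip, out = defaultdict(list), []
    for ev in events:
        score, reasons = score_attempt(ev, attempts_by_ip)
        attempts_by_ip[ev["ip"]].append(ev["ts"])
        out.append((ev["user"], decide(score), reasons))
    return out

# constructed sample login events (ts in seconds); the last six mimic a stuffing burst
SAMPLE_EVENTS = [
    {"ts": 0, "user": "alice", "password": "c0rrect-h0rse", "ip": "198.51.100.4", "country": "DE", "device": "laptop-01"},
    {"ts": 5, "user": "alice", "password": "c0rrect-h0rse", "ip": "198.51.100.9", "country": "BR", "device": "phone-77"},
    {"ts": 9, "user": "bob", "password": "Password123", "ip": "203.0.113.77", "country": "US", "device": "x"},
] + [{"ts": 10 + i, "user": f"u{i}", "password": "guess", "ip": "192.0.2.1", "country": "US", "device": "bot"} for i in range(6)]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_EVENTS):
        print(row)
```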
Advantages of IAM
Let's go through some of the advantages of using IAM systems in both corporate and consumer environments. An IAM solution helps identify and mitigate security risks. You can use IAM to identify policy violations or remove inappropriate access privileges without having to search through multiple distributed systems. You can also leverage IAM to ensure that security measures are in place to meet regulatory and auditing requirements.
IAM provides a common platform for access and identity management information. You can apply the same security policies across all the operating systems and devices used by the organization. The IAM framework can help you enforce policies related to user authentication, privileges and validation, and attend to the privilege creep problem. IAM simplifies sign-up and user management processes for application owners, end users and system administrators. It makes it simple to provision and manage access and promotes user satisfaction. IAM services can also lower operating costs: using federated identity services means you no longer need local identities for external users, which makes application administration easier. Cloud-based IAM services can reduce the need to buy and maintain on-premise infrastructure.